From edb784636de189707dedcd01857ecacf7b2a88fd Mon Sep 17 00:00:00 2001
From: Nick Bailey <nbailey@shermanhoward.com>
Date: Fri, 6 Jul 2018 09:59:12 -0600
Subject: Changes to secret filtering: Fixed secret regex which would strip
 config after secret string (like "privilege 15") and which would not match
 on: "bsd-username test secret $1$FAKESTRINGblahblah" which is created
 whenever username secret is created.

Added regex to filter password hashes for configs not using
password 7 instead of secret such as:
username test password 7 8888blahblah8888 privilege 4
---
 lib/oxidized/model/ftos.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/oxidized/model/ftos.rb b/lib/oxidized/model/ftos.rb
index 3ef4de6..e5669a5 100644
--- a/lib/oxidized/model/ftos.rb
+++ b/lib/oxidized/model/ftos.rb
@@ -9,7 +9,8 @@ class FTOS < Oxidized::Model
 
   cmd :secret do |cfg|
     cfg.gsub! /^(snmp-server community).*/, '\\1 <configuration removed>'
-    cfg.gsub! /secret (\d+) (\S+).*/, '<secret hidden>'
+    cfg.gsub! /(secret \d* {0,1})\S+(.*)/, '\\1<secret hidden>\\2'
+    cfg.gsub! /(password \d+) \S+(.*)/, '\\1 <hash hidden>\\2'
     cfg
   end
 
-- 
cgit v1.2.1